
Cuckoo Malware Analysis

As described on its official website (http://www.cuckoosandbox.org/), Cuckoo is a malware sandboxing utility that applies the dynamic analysis approach: instead of analyzing the binary file statically, the file is executed and monitored in real time. Put simply, Cuckoo is an open source automated malware analysis system that lets you run malware inside a sandbox and analyze its behavior. Cuckoo Sandbox started as a Google Summer of Code project in 2010 within the Honeynet Project. After the initial work during the summer of 2010, the first beta release was published on February 5th, 2011, when Cuckoo was publicly announced and distributed for the first time.
Cuckoo was originally designed and developed by Claudio "nex" Guarnieri, who is still the main developer and coordinates the efforts of the developers and contributors who have since joined. In March 2012, Cuckoo Sandbox won the first round of the Magnificent7 program organized by Rapid7. Cuckoo was chosen by Rapid7 for the first round of Magnificent7 sponsorships due to the developers' innovative approach to traditional and mobile-based malware analysis. Cuckoo is used to automatically run and analyze files and to collect comprehensive analysis results that outline what the malware does while running inside an isolated Windows operating system. Cuckoo is designed for analyzing the following kinds of files:
Generic Windows executables
DLL files
PDF documents
Microsoft Office documents
URLs
PHP scripts
Almost everything else
Cuckoo can also produce the following types of results:
Traces of win32 API calls performed by all processes spawned by the malware
Files being created, deleted, and downloaded by the malware during its execution
Memory dumps of the malware processes
Network traffic trace in PCAP format
Screenshots of the Windows desktop taken during the execution of the malware
Full memory dumps of the machines
Cuckoo Sandbox consists of central management software that handles the execution and analysis of malware samples.
Each analysis is launched in a fresh, isolated virtual machine. Cuckoo's infrastructure is composed of a host machine (running the management software) and a number of guest machines (the virtual machines used for analysis).
The host runs the core component of the sandbox, which manages the whole analysis process, whereas the guests are the isolated environments in which the malware is actually executed and analyzed safely. The following diagram shows Cuckoo's architecture: